| redirect-to-https |
Sets the 301 redirect rule based on the value of the http_x_forwarded_proto header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of the Ingress Controller — see 115 |
False |
| ssl-redirect |
Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. |
True |
| hsts |
Enables HTTP Strict Transport Security (HSTS) : the HSTS header is added to the responses from backends. The preload directive is included in the header. |
False |
| hsts-max-age |
Sets the value of the max-age directive of the HSTS header. |
2592000 (1 month) |
| hsts-include-subdomains |
Adds the includeSubDomains directive to the HSTS header. |
False |
| hsts-behind-proxy |
Enables HSTS based on the value of the http_x_forwarded_proto request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of the Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the nginx.org/redirect-to-https annotation. |
False |
| ssl-protocols |
Sets the value of the ssl_protocols directive. |
TLSv1 TLSv1.1 TLSv1.2 |
| ssl-prefer-server-ciphers |
Enables or disables the ssl_prefer_server_ciphers directive. |
False |
| ssl-ciphers |
Sets the value of the ssl_ciphers directive. |
HIGH:!aNULL:!MD5 |
| ssl-dhparam-file |
Sets the content of the dhparam file. The controller will create the file and set the value of the ssl_dhparam directive with the path of the file. |
N/A |
